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Dear Sir: 

In accordance with the provisions of 37 C.F.R. § 41.37, Appellant submits the 
following Reply Brief in response to the Examiner's Answer: 

I. REAL PARTY IN INTEREST 

The Examiner's Answer is correct in regard to the real party in interest. 

II. RELATED APPEALS AND INTERFERENCES 

The Examiner's Answer is correct in regard to related appeals or interferences. 

III. STATUS OF CLAIMS 

The Examiner's Answer is correct in regard to the status of the claims. 

IV. STATUS OF AMENDMENTS 

The Examiner's Reply indicates that the "Status of Amendments" as stated in the 
Appellant's Brief is correct. However, the reference in Appellant's Brief to an "Advisory 
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Action mailed November 7, 2009" is incorrect as to the date. The correct date of the 
Advisory Action is November 7, 2008. 

V. SUMMARY OF CLAIMED SUBJECT MATTER SUBJECT TO APPEAL 

The Examiner's Answer is correct in regard to the subject matter subject to 

appeal. 

VI. GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

The Examiner's Answer is correct in regard to the grounds of rejection to be 
reviewed on appeal. 

VII. ARGUMENTS 

In the discussion that follows, "Office Action" refers to the Final Office Action 

mailed on September 10, 2008. 

Figure 1 of Grantges is presented below to aid in the discussion that follows: 



The Examiner's Answer continues to disregard the architecture of the presently 
claimed invention in which a remote gateway agent acts as a server to both the client 
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operating on the user device (located on the insecure side of the firewall) and the remote 
proxy agent operating on the processing system (located on the secure side of the 
firewall). The architecture of the primary reference, Grantges, does not teach the 
architecture noted above. 

The architecture of the claimed inventions eliminates the complex 
firewall/authorization server structures of Grantges while providing secured access to a 
workstation. Additionally, the remote proxy agent allows communications to pass 
through the firewall without the need for a proxy server (illustrated as a component of 
application gateway 38 in FIG. 1 of Grantges) or for other components of application 
gateway 38. 

The general flow taught by Grantges and the flow taught by the present 
application are illustrated below (both simplified for discussion purposes). 
GRANTGES 


If the firewall and permission structures were eliminated from the Grantges 
system, the client could communicate directly with the web server. "In effect, remote 
user 18 provides the web browser, and the application being accorded secure access 
provides the destination server. Computer system 20 provides the remainder of the 
needed connectivity and security." (Grantges, Col. 5, lines 34-39.) 

In contrast to the structure described in Grantges, the limitations of the 
independent claims at issue here require that the workstation/remote proxy agent register 
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(initiate communications) with the remote gateway before a request is submitted by a 
user device/client. Grantges does not teach or reasonably suggest these limitations. 
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Claim 103 recites the limitation, "receiving at the remote gateway agent a client 

registration request from the remote proxy agent, wherein the client registration request 

creates a client-to-server connection through the firewall between the remote proxy agent 

and the remote gateway agent." According to the Examiner's Answer, this limitation is 

"read in light of lines 12-23 on page 10 of the Specification of the Appellant's 

application." (Examiner's Answer at p. 11 .) However, the Examiner's Answer does not 

address the language of the disclosure that describes the registration pre-condition: 

In a preferred embodiment, WAP phone 107 in practice operated by a remote 
user, connects to a proxy server such as is exemplified in WAPGW 104 (proxy 
software not illustrated) having RAGW 105 operational therein. From WAPGW 
104, phone 107, using micro-browser 108, connects to any server within Internet 
110 such as the illustrated server 1 1 1 . In addition, when any of PCs hosting RPA 
are logged into and registered with WPAGW 104 . a user operating WAP 
phone 107 may access a designated PC 1 16a-n to perform certain tasks, access 
certain information and so on. Typically, a user operating WAP phone 107 is an 
employee or another trusted associate of business 1 15. In one embodiment, 
trusted clients may be given access to certain business machine such as any one or 
more of PCs 1 16a-n. (Specification, lines 12-23, p. 10; emphasis added by 
holding and underlining.) 
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It is the registration of a device housing a remote proxy agent (RPA) that 
establishes a client-to-server connection through the firewall between the remote proxy 
agent and the remote gateway agent that is recited in claim 103. 

Against this disclosure, the Examiner's Reply reasserts the previously lodged 
conclusion that the limitation is taught by Col. 4, lines 23-65 of Grantges. 

The cited disclosure from Grantges describes a multi-step authentication process. 
A user enters a URL of an application server. The URL is redirected to a proxy server 
where the user presents a certificate. If the proxy server determines that a certificate of 
the user is acceptable as to form, the certificate is forwarded through a firewall to a 
gateway. The content of the certificate is checked against data stored on an authorization 
server. If the content is verified, the user is then directed to the URL as originally 
entered. 

The function of the application gateway (FIG. 1, 38) is to process certificates and 

to act as a proxy server on the secured side of the disclosed firewall : 

One criteria involves the destination location on the private network for 
incoming messages. In this regard, firewall system 32 restricts communication 
originating from the insecure network 26, only allowing passage of messages 
destined for application gateway 38 on the private network (e.g., gateway proxy 
server 40). Firewall system 32 may comprise conventional apparatus known to 
those of ordinary skill in the art. (Grantges, Col. 5, lines 47-52.) 

Gateway 38 includes gateway proxy server 40 and gateway web server 44. 
Gateway proxy server 40 is configured to establish second secure connection 54 
across firewall system 32 with DMZ proxy server 34. (Grantges, Col. 6, lines 39- 
43.) 

Gateway proxy server 40 further performs well-known mapping functions, 
and, in accordance with the present invention, efficiently routes messages 
destined for various applications 24.sub.l, 24.sub.2, . . . , 24.sub.3 to the 
appropriate one of the destination servers 28.sub.l, 28.sub.2, . . . , 28.sub.3. 
Gateway proxy server 40 may comprise conventional apparatus known to those of 
ordinary skill in the art, such as, for example, Netscape proxy server software 
running on conventional hardware. 
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Gateway proxy server 40 is further configured to establish third secure 
connection 56 within gateway 38 with web server 44. Connection 56 may be 
established as described above with respect to secure connection 54. (Grantges, 
Col. 7, lines 1-12.) 

The gateway described in Grantges, and particularly the gateway proxy server 
(FIG. 1, 40), does not have a server-client relationship with the destination server (FIG. 1, 
28) and a server-client relationship with the client computer (FIG. 1, 22). In contrast to 
Grantges, claim 103 of Appellant's application recites that a client-server relationship is 
established between the remote proxy agent and the remote gateway agent by virtue of 
the registration of the remote proxy agent with the remote gateway agent. 

The Examiner's Answer refers to various disclosures of Grantges that describe 

communications between gateway proxy server 40 and authorization server 46 using a 

Lightweight Directory Access Protocol (LDAP), the information maintained by the 

authorization server, and the routing of messages through the firewall. The Examiner's 

Answer makes various references to "the proxy server." Because Grantges describes two 

proxy servers (the DMZ proxy server 34 on the insecure side of the firewall and gateway 

proxy server 40 on the secure side of the firewall), the assertion in the Examiner's 

Answer is not clear. In addition, the Examiner's Answer at page 12 asserts that 

"Grantges has a proxy server and web server in the same DMZ server." According to 

Grantges, the DMZ proxy server 34 does not know the address of the application server: 

It bears emphasizing that DMZ proxy server 34 only knows the URL of 
application gateway proxy server 40, not the URL of the destination servers. 
Only the mapping information for the gateway proxy server 40, which is kept in a 
local configuration file (behind the firewall), provides the URL/addresses of the 
destination servers. (Grantges, Col. 8, lines 60-65; emphasis added by holding.) 
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Based on this description, Appellant has construed the reference to "DMZ server" 
in the Examiner's Answer to refer to the application gateway 38 comprising gateway 
proxy server 40 and enterprise server 44. 

The argument presented in the Examiner's Answer appears to be that Grantges 
teaches that software applications (FIG. 1, 24) are known to the proxy server through 
which the user has access because the user may select applications from an options page. 
(See, Examiner's Answer, pp. 1 1 and 12.) Assuming that this reading of Grantges is 
correct, it is not clear how this teaches the limitation, "receiving at the remote gateway 
agent a client registration request from the remote proxy agent, wherein the client 
registration request creates a client-to-server connection through the firewall between the 
remote proxy agent and the remote gateway agent." The asserted knowledge of the 
applications by "the proxy server" does not teach or suggest the claimed registration 
request or the claimed establishment of a client-server relationship between the remote 
proxy agent and the remote gateway agent that is recited in claim 103 of Appellant's 
application. 

Moreover, the proxy sever described in the Examiner's Answer at page 12 as the 
proxy server "through which a user has an access to the applications" (Examiner's 
Answer, p. 12) appears to be the DMZ proxy server 34. The DMZ proxy server 34 does 
not "know" the applications to which the user has access. Even assuming that the 
intended reference is to the gateway proxy server, the gateway proxy server also does not 
know the applications through which the user has access. Rather, after the user has been 
authenticated to the application gateway 38, the option page is presented to the user by 
web server (enterprise server) 44: 
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More particularly, web server 44 is configured to provide an "options page" to 
client computer 22 when user 18 is authenticated and authorized for more than one of 
applications 24.sub.l, 24.sub.2, . . . , 24.sub.3. (Grantges, Col. 7, lines 14-21.) 

Based on the foregoing, Grantges does not teach or reasonably suggest the 

limitation, "receiving at the remote gateway agent a client registration request from the 

remote proxy agent, wherein the client registration request creates a client-to-server 

connection through the firewall between the remote proxy agent and the remote gateway 

agent." 

The Examiner's Answer at page 13 refers to arguments made in an Office Action 
mailed on August 9, 2006. However, it is respectfully pointed out that such arguments 
are directed to claims that have since been canceled. 

The Examiner's Answer at page 13 also refers to an Office Action mailed on 
September 10, 2008. In that Office Action, claims 103-135 were rejected under 35 U.S.C 
§ 1 12 (1) as failing to comply with the written description requirement and claims 103- 
1 13 were rejected under 35 U.S.C § 1 12 (2) as failing to provide a proper antecedent 
basis for limitations in the claims. Not noted in the Examiner's Answer is that the 
rejections of the claims under 35 U.S.C §§ 1 12(1) and 1 12(2) were withdrawn in 
response to an amendment after final rejection filed by Appellant on October 24, 2008. 
The withdrawal of the rejections was made of record in an Advisory Action issued on 
November 7, 2008. 

For the above reasons and those provided in Appellant's Brief on Appeal, 
Appellant respectfully submits that the appealed claims meet the requirements of 35 
U.S.C. §§102 and 103 and that the rejections of the claims be reversed. 
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Petition for Extension of Time 


Appellant hereby petitions for any extension of time that may be required to 
maintain the pendency of this case, and any required fee for such extension is to be 
charged to Deposit Account No. 18-1579. 


Respectfully submitted, 



Jon L. Roberts, Ph.D., J.D. 

Registration No. 31,293 

Elliott D. Light, Esq. 

Registration No. 51,948 

THE MARBURY LAW GROUP, PLLC 

1 1800 Sunrise Valley Drive, Suite 1000 

Reston, V A 20191 

703-391-2900 
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